aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

[AWS::Lambda::Function] - [BUG] - VpcConfig.Ipv6AllowedForDualStack does not reset when removed from template #2061

Open disordered opened 3 weeks ago

disordered commented 3 weeks ago

Name of the resource

AWS::Lambda::Function

Resource Name

No response

Issue Description

When a Lambda is deployed into a VPC with IPv6 support enabled and then updated to remove it from the VPC, an error is produced.

This can be worked around by first manually unsetting the Ipv6AllowedForDualStack flag in the VPC configuration, either in the UI console or the CLI, and then running the deployment with the updated template.

Expected Behavior

Lambda should deploy without error and manual intervention.

Observed Behavior

Error message:

Resource handler returned message: "Ipv6AllowedForDualStack cannot be true without subnet or security groups. Please remove Ipv6AllowedForDualStack value from your request and try again.

Test Cases

Deploy a VPC with IPv6 subnets and a Lambda function using that VPC, with VpcConfig Ipv6AllowedForDualStack set to true (you will have to set the subnet and security group as well). Change the template to disassociate the Lambda from the VPC and remove the VpcConfig section.

Lambda should redeploy without errors.

Other Details

No response
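
A pre-deploy check for the update described in this report, as an added example that is not part of the original issue or of any AWS code: it compares the deployed and the updated template (as parsed dicts) and lists the Lambda functions that had Ipv6AllowedForDualStack set to true and whose VpcConfig section is being removed, so the manual workaround can be applied before the stack update. The function names, logical IDs and sample templates are constructed for illustration.

```python
LAMBDA_TYPE = "AWS::Lambda::Function"


def _is_true(value):
    # CloudFormation accepts a boolean written as true or as the string "true".
    return value is True or (isinstance(value, str) and value.lower() == "true")


def _lambda_props(template):
    """Map logical ID -> Properties for every Lambda function in a template dict."""
    return {
        logical_id: res.get("Properties", {})
        for logical_id, res in template.get("Resources", {}).items()
        if res.get("Type") == LAMBDA_TYPE
    }


def find_dualstack_vpc_removals(deployed, updated):
    """Return logical IDs whose update matches the failing case in this issue."""
    before, after = _lambda_props(deployed), _lambda_props(updated)
    affected = []
    for logical_id, props in before.items():
        vpc = props.get("VpcConfig")
        if not isinstance(vpc, dict) or not _is_true(vpc.get("Ipv6AllowedForDualStack")):
            continue
        # Function is kept, but its whole VpcConfig section is gone from the template.
        if logical_id in after and "VpcConfig" not in after[logical_id]:
            affected.append(logical_id)
    return sorted(affected)


# Constructed sample templates; all IDs below are placeholders.
_VPC = {"SubnetIds": ["subnet-EXAMPLE"], "SecurityGroupIds": ["sg-EXAMPLE"]}
DEPLOYED = {"Resources": {
    "DualStackFn": {"Type": LAMBDA_TYPE, "Properties": {
        "VpcConfig": {**_VPC, "Ipv6AllowedForDualStack": True}}},
    "StringFlagFn": {"Type": LAMBDA_TYPE, "Properties": {
        "VpcConfig": {**_VPC, "Ipv6AllowedForDualStack": "true"}}},
    "KeptFn": {"Type": LAMBDA_TYPE, "Properties": {
        "VpcConfig": {**_VPC, "Ipv6AllowedForDualStack": True}}},
    "Ipv4Fn": {"Type": LAMBDA_TYPE, "Properties": {"VpcConfig": dict(_VPC)}},
}}
UPDATED = {"Resources": {
    "DualStackFn": {"Type": LAMBDA_TYPE, "Properties": {}},
    "StringFlagFn": {"Type": LAMBDA_TYPE, "Properties": {}},
    "KeptFn": DEPLOYED["Resources"]["KeptFn"],
    "Ipv4Fn": {"Type": LAMBDA_TYPE, "Properties": {}},
}}

if __name__ == "__main__":
    print(find_dualstack_vpc_removals(DEPLOYED, UPDATED))
```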